When using Python with SQLite DB, how to escape the data going in and pulling the data coming out?
Using pysqlite2
Use the second parameter, args, to pass arguments; don't do the escaping yourself. Not only is this easier, it also helps prevent SQL injection attacks.
cursor.execute(sql, args)
For example:
cursor.execute('INSERT INTO foo VALUES (?, ?)', ("It's okay", "No escaping necessary"))
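Added example, not part of the original answer: a round trip showing that bound values go in and come back out unchanged, next to the string-formatted insert that breaks on the same apostrophe. It assumes the standard-library sqlite3 module (which exposes the same DB-API calls as pysqlite2), assumed column names a and b for the foo table, and constructed sample values.

```python
import sqlite3  # assumption: stdlib module, same DB-API calls as pysqlite2

# Constructed sample values: apostrophe, SQL metacharacters, non-ASCII, NULL.
SAMPLES = [
    ("It's okay", "No escaping necessary"),
    ("'; -- quote, semicolon, comment marker", 'double "quotes" too'),
    ("na\u00efve \u2603", None),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (a TEXT, b TEXT)")  # column names assumed
    return conn


def insert_bound(conn, rows):
    """Values travel separately from the SQL text, so quotes are just data."""
    conn.executemany("INSERT INTO foo VALUES (?, ?)", rows)
    conn.commit()


def insert_formatted(conn, a, b):
    """Anti-pattern kept for contrast: the value becomes part of the SQL text."""
    conn.execute("INSERT INTO foo VALUES ('%s', '%s')" % (a, b))


def fetch_by_a(conn, a):
    """Named placeholders bind the same way; rows come back already unescaped."""
    cur = conn.execute("SELECT a, b FROM foo WHERE a = :a", {"a": a})
    return cur.fetchall()


def round_trip():
    """Insert every sample with placeholders and read them back in order."""
    conn = make_db()
    insert_bound(conn, SAMPLES)
    return conn.execute("SELECT a, b FROM foo ORDER BY rowid").fetchall()


def formatted_insert_error():
    """Return the error raised when the apostrophe ends the literal early."""
    conn = make_db()
    try:
        insert_formatted(conn, *SAMPLES[0])
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None
```

Placeholders bind values only; a table or column name cannot be passed through args, so any identifier that varies at run time has to be checked against a fixed list of known names before it is put into the SQL text.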